Fix 7956: Disable reporting observers to expose violation reports to JS

brave · Mar 3, 2020 · a95f17f · a95f17f
1 parent 4f3789a
commit a95f17f
Show file tree

Hide file tree

Showing 4 changed files with 67 additions and 0 deletions.
diff --git a/chromium_src/third_party/blink/renderer/core/frame/reporting_observer_browsertest.cc b/chromium_src/third_party/blink/renderer/core/frame/reporting_observer_browsertest.cc
@@ -0,0 +1,43 @@
+/* Copyright (c) 2020 The Brave Authors. All rights reserved.
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "base/path_service.h"
+#include "brave/browser/brave_content_browser_client.h"
+#include "brave/common/brave_paths.h"
+#include "chrome/browser/ui/browser.h"
+#include "chrome/common/chrome_content_client.h"
+#include "chrome/test/base/in_process_browser_test.h"
+#include "chrome/test/base/ui_test_utils.h"
+#include "content/public/test/browser_test_utils.h"
+
+namespace {
+
+const char kReportingObserver[] = "/reporting_observer.html";
+
+}  // namespace
+
+class ReportingObserverTest : public InProcessBrowserTest {
+ public:
+  void SetUpOnMainThread() override {
+    InProcessBrowserTest::SetUpOnMainThread();
+    content::SetupCrossSiteRedirector(embedded_test_server());
+
+    brave::RegisterPathProvider();
+    base::FilePath test_data_dir;
+    base::PathService::Get(brave::DIR_TEST_DATA, &test_data_dir);
+    embedded_test_server()->ServeFilesFromDirectory(test_data_dir);
+
+    ASSERT_TRUE(embedded_test_server()->Start());
+  }
+};
+
+IN_PROC_BROWSER_TEST_F(ReportingObserverTest, IsDisabled) {
+  GURL url = embedded_test_server()->GetURL(kReportingObserver);
+  ui_test_utils::NavigateToURL(browser(), url);
+  content::WebContents* contents =
+      browser()->tab_strip_model()->GetActiveWebContents();
+
+  EXPECT_EQ(true, EvalJs(contents, "isReportingObserverDisabled();"));
+}
diff --git a/patches/third_party-blink-renderer-core-frame-reporting_observer.idl.patch b/patches/third_party-blink-renderer-core-frame-reporting_observer.idl.patch
@@ -0,0 +1,12 @@
+diff --git a/third_party/blink/renderer/core/frame/reporting_observer.idl b/third_party/blink/renderer/core/frame/reporting_observer.idl
+index a248a08fcd1e3566c838f26393fd64c877bab11b..a1ae499dab51d79756e339cfd2ac508675f97b90 100644
+--- a/third_party/blink/renderer/core/frame/reporting_observer.idl
++++ b/third_party/blink/renderer/core/frame/reporting_observer.idl
+@@ -7,6 +7,7 @@
+ callback ReportingObserverCallback = void (sequence<Report> reports, ReportingObserver observer);
+
+ [
++    ContextEnabled=ReportingObservers,
+     Constructor(ReportingObserverCallback callback, optional ReportingObserverOptions options),
+     ConstructorCallWith=ExecutionContext,
+     ActiveScriptWrappable
diff --git a/test/BUILD.gn b/test/BUILD.gn
@@ -569,6 +569,7 @@ test("brave_browser_tests") {
     "//brave/chromium_src/chrome/browser/ui/views/tabs/tab_hover_card_bubble_view_browsertest.cc",
     "//brave/chromium_src/components/content_settings/core/browser/brave_content_settings_registry_browsertest.cc",
     "//brave/chromium_src/third_party/blink/public/platform/disable_client_hints_browsertest.cc",
+    "//brave/chromium_src/third_party/blink/renderer/core/frame/reporting_observer_browsertest.cc",
     "//brave/chromium_src/third_party/blink/renderer/modules/battery/navigator_batterytest.cc",
     "//brave/chromium_src/third_party/blink/renderer/modules/bluetooth/navigator_bluetoothtest.cc",
     "//brave/common/brave_channel_info_browsertest.cc",

diff --git a/test/data/reporting_observer.html b/test/data/reporting_observer.html
@@ -0,0 +1,11 @@
+<script>
+  function isReportingObserverDisabled() {
+    try {
+      new ReportingObserver(function(reports, observer) {
+      	return false;
+	  }, {});
+    } catch (err) {
+      return true;
+    }
+  }
+</script>